VDB

GCVE-110-OSM-2026-696

GCVE-110-OSM-2026-696
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published March 9, 2026
Malicious package detected. Behaviors: data exfiltration, code execution. Payload: src/requests_lite/utils.py Secondary files: src/requests_lite/api.py, setup.py Key findings: - Escaped Protocol Pattern in src/requests_lite/utils.py: ""://"" - Shell Command Execution in setup.py: "os.system(" - Shell Command Execution in src/requests_lite/sessions.py: "subprocess.run(" IOCs: - ipv4: 8.8.8.8 - ipv6: 1::, fe80::, 1200:0000:ab00:1234:0000:2552:7777:1313 - urls: https://user:pass@proxy:8080`, https://nvd.nist.gov/vuln/detail/CVE-2023-32681, https://bugfuzz.com, http://`., http://www.apache.org/licenses/ (+45 more) - domains: bugfuzz.com, python-requests.org, www.apache.org, kennethreitz.org, httpbin.org (+45 more) - emails: me@kennethreitz.org, me@kennethreitz.com, pass@httpbin.org, pass@complex.url.com, pass%20pass@complex.url.com (+5 more) - payloadFileHash: 9fbd7f16f1e467b293843c4d47ff0c64b94ab26a5a8e40461bbc78060280d990

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownrequests-lite2.32.7 (affected)

References

advisory
vendor

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›